Add cancancan to SDG content

Only allow access to the SDG content section to administrators and sdg managers
2020-11-25 15:00:01 +01:00
parent 65d6282b51
commit fb5965fe63
14 changed files with 52 additions and 5 deletions
--- a/app/controllers/sdg_management/goals_controller.rb
+++ b/app/controllers/sdg_management/goals_controller.rb
@@ -1,5 +1,7 @@
 class SDGManagement::GoalsController < SDGManagement::BaseController
+  load_and_authorize_resource class: "SDG::Goal"
+
  def index
-    @goals = SDG::Goal.order(:code)
+    @goals = @goals.order(:code)
  end
 end
--- a/app/controllers/sdg_management/targets_controller.rb
+++ b/app/controllers/sdg_management/targets_controller.rb
@@ -1,7 +1,7 @@
 class SDGManagement::TargetsController < SDGManagement::BaseController
-  Target = ::SDG::Target
+  load_and_authorize_resource class: "SDG::Target"

  def index
-    @targets = Target.all.sort
+    @targets = @targets.sort
  end
 end
--- a/app/models/abilities/administrator.rb
+++ b/app/models/abilities/administrator.rb
@@ -4,6 +4,7 @@ module Abilities

    def initialize(user)
      merge Abilities::Moderation.new(user)
+      merge Abilities::SDG::Manager.new(user)

      can :restore, Comment
      cannot :restore, Comment, hidden_at: nil
--- a/app/models/abilities/sdg/manager.rb
+++ b/app/models/abilities/sdg/manager.rb
@@ -0,0 +1,12 @@
+module Abilities
+  class SDG::Manager
+    include CanCan::Ability
+
+    def initialize(user)
+      merge Abilities::Common.new(user)
+
+      can :read, ::SDG::Goal
+      can :read, ::SDG::Target
+    end
+  end
+end
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -15,6 +15,8 @@ class Ability
        merge Abilities::Moderator.new(user)
      elsif user.manager?
        merge Abilities::Manager.new(user)
+      elsif user.sdg_manager?
+        merge Abilities::SDG::Manager.new(user)
      else
        merge Abilities::Common.new(user)
      end
--- a/app/models/sdg/manager.rb
+++ b/app/models/sdg/manager.rb
@@ -1,5 +1,5 @@
 class SDG::Manager < ApplicationRecord
-  belongs_to :user, touch: true
+  belongs_to :user, touch: true, inverse_of: :sdg_manager
  delegate :name, :email, to: :user

  validates :user_id, presence: true, uniqueness: true
--- a/spec/models/abilities/administrator_spec.rb
+++ b/spec/models/abilities/administrator_spec.rb
@@ -106,4 +106,7 @@ describe Abilities::Administrator do
  it { should be_able_to(:manage, LocalCensusRecord) }
  it { should be_able_to(:create, LocalCensusRecords::Import) }
  it { should be_able_to(:show, LocalCensusRecords::Import) }
+
+  it { should be_able_to(:read, SDG::Goal) }
+  it { should be_able_to(:read, SDG::Target) }
 end
--- a/spec/models/abilities/common_spec.rb
+++ b/spec/models/abilities/common_spec.rb
@@ -304,4 +304,7 @@ describe Abilities::Common do
    it { should be_able_to(:disable_recommendations, Debate) }
    it { should be_able_to(:disable_recommendations, Proposal) }
  end
+
+  it { should_not be_able_to(:read, SDG::Goal) }
+  it { should_not be_able_to(:read, SDG::Target) }
 end
--- a/spec/models/abilities/everyone_spec.rb
+++ b/spec/models/abilities/everyone_spec.rb
@@ -52,4 +52,7 @@ describe Abilities::Everyone do
  it { should be_able_to(:summary, create(:legislation_process, :past)) }
  it { should_not be_able_to(:summary, create(:legislation_process, :open)) }
  it { should_not be_able_to(:summary, create(:legislation_process, :past, :not_published)) }
+
+  it { should_not be_able_to(:read, SDG::Goal) }
+  it { should_not be_able_to(:read, SDG::Target) }
 end
--- a/spec/models/abilities/moderator_spec.rb
+++ b/spec/models/abilities/moderator_spec.rb
@@ -108,4 +108,7 @@ describe Abilities::Moderator do
    it { should_not be_able_to(:comment_as_administrator, proposal) }
    it { should_not be_able_to(:comment_as_administrator, legislation_question) }
  end
+
+  it { should_not be_able_to(:read, SDG::Goal) }
+  it { should_not be_able_to(:read, SDG::Target) }
 end
--- a/spec/models/abilities/organization_spec.rb
+++ b/spec/models/abilities/organization_spec.rb
@@ -22,4 +22,7 @@ describe "Abilities::Organization" do

  it { should be_able_to(:create, Comment) }
  it { should_not be_able_to(:vote, Comment) }
+
+  it { should_not be_able_to(:read, SDG::Goal) }
+  it { should_not be_able_to(:read, SDG::Target) }
 end
--- a/spec/models/abilities/sdg/manager.rb
+++ b/spec/models/abilities/sdg/manager.rb
@@ -0,0 +1,12 @@
+require "rails_helper"
+require "cancan/matchers"
+
+describe "Abilities::SDG::Manager" do
+  subject(:ability) { Ability.new(user) }
+
+  let(:user) { sdg_manager.user }
+  let(:sdg_manager) { create(:sdg_manager) }
+
+  it { should be_able_to(:read, SDG::Goal) }
+  it { should be_able_to(:read, SDG::Target) }
+end
--- a/spec/models/abilities/valuator_spec.rb
+++ b/spec/models/abilities/valuator_spec.rb
@@ -39,4 +39,7 @@ describe Abilities::Valuator do

    it { should_not be_able_to(:comment_valuation, assigned_investment) }
  end
+
+  it { should_not be_able_to(:read, SDG::Goal) }
+  it { should_not be_able_to(:read, SDG::Target) }
 end
--- a/spec/system/sdg_management/goals_spec.rb
+++ b/spec/system/sdg_management/goals_spec.rb
@@ -1,7 +1,7 @@
 require "rails_helper"

 describe "Goals", :js do
-  before { login_as(create(:administrator).user) }
+  before { login_as(create(:sdg_manager).user) }

  describe "Index" do
    scenario "Visit the index" do